tudattr
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added k3s agents 

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
rewrite
Tuan-Dat Tran 2024-09-20 16:57:59 +02:00
parent 3aa56be025
commit 8fb4eaf610
13 changed files with 157 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
group_vars/k3s/vars.yml
View File

@ -14,8 +14,14 @@ k3s:
- 192.168.20.24 - 192.168.20.24
loadbalancer: loadbalancer:
ip: 192.168.20.22 ip: 192.168.20.22
default_port: 6443
db: db:
ip: 192.168.20.23 ip: 192.168.20.23
default_port: "5432" default_port: "5432"
agent:
ips:
- 192.168.20.25
- 192.168.20.26
- 192.168.20.27
k3s_db_connection_string: "postgres://{{db.user}}:{{db.password}}@{{k3s.db.ip}}:{{k3s.db.default_port}}/{{db.name}}" k3s_db_connection_string: "postgres://{{db.user}}:{{db.password}}@{{k3s.db.ip}}:{{k3s.db.default_port}}/{{db.name}}"

10
host_vars/k3s-agent00.yml Normal file
View File

@ -0,0 +1,10 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.25
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
host:
hostname: "k3s-agent00"
ip: "{{ ansible_host }}"

10
host_vars/k3s-agent01.yml Normal file
View File

@ -0,0 +1,10 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.26
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
host:
hostname: "k3s-agent01"
ip: "{{ ansible_host }}"

10
host_vars/k3s-agent02.yml Normal file
View File

@ -0,0 +1,10 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.27
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.k3s.server01.sudo }}"
host:
hostname: "k3s-agent02"
ip: "{{ ansible_host }}"

31
k3s-agents.yml Normal file
View File

@ -0,0 +1,31 @@
- name: Set up Agents
hosts: k3s_nodes
gather_facts: yes
vars_files:
- secrets.yml
pre_tasks:
- name: Get K3s token from the first server
when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"]
slurp:
src: /var/lib/rancher/k3s/server/node-token
register: k3s_token
become: true
- name: Set fact on k3s.server.ips[0]
when: host.ip == k3s.server.ips[0] and inventory_hostname in groups["k3s_server"]
set_fact: k3s_token="{{ k3s_token['content'] | b64decode | trim }}"
roles:
- role: common
when: inventory_hostname in groups["k3s_agent"]
tags:
- common
- role: k3s_agent
when: inventory_hostname in groups["k3s_agent"]
k3s_token: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s.server.ips[0] ) | select() | first | items2dict).host.hostname].k3s_token }}"
tags:
- k3s_agent
- role: node_exporter
when: inventory_hostname in groups["k3s_agent"]
tags:
- node_exporter

22
production
View File

@ -2,21 +2,39 @@
mii mii
[k3s] [k3s]
k3s-server00
k3s-server01
k3s-postgres k3s-postgres
k3s-loadbalancer k3s-loadbalancer
k3s-server00
k3s-server01
k3s-agent00
k3s-agent01
k3s-agent02
[k3s_server] [k3s_server]
k3s-server00 k3s-server00
k3s-server01 k3s-server01
[k3s_agent]
k3s-agent00
k3s-agent01
k3s-agent02
[vm] [vm]
k3s-agent00
k3s-agent01
k3s-agent02
k3s-server00 k3s-server00
k3s-server01 k3s-server01
k3s-postgres k3s-postgres
k3s-loadbalancer k3s-loadbalancer
[k3s_nodes]
k3s-server00
k3s-server01
k3s-agent00
k3s-agent01
k3s-agent02
[db] [db]
k3s-postgres k3s-postgres

3
roles/helm/tasks/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
- include_tasks: installation.yml
- include_tasks: apps.yml

6
roles/k3s_agent/handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Restart k3s
service:
name: k3s
state: restarted
become: yes

21
roles/k3s_agent/tasks/installation.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: See if k3s file exists
stat:
path: /usr/local/bin/k3s
register: k3s_status
- name: Download K3s install script to /tmp/
when: not k3s_status.stat.exists
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /tmp/k3s_install.sh
mode: "0755"
- name: Install K3s on the secondary servers
when: not k3s_status.stat.exists
command: |
/tmp/k3s_install.sh
environment:
K3S_URL: "https://{{ k3s.loadbalancer.ip }}:{{k3s.loadbalancer.default_port}}"
K3S_TOKEN: "{{ k3s_token }}"
become: true

2
roles/k3s_agent/tasks/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
- include_tasks: installation.yml

2
roles/k3s_server/handlers/main.yml
View File

@ -1,5 +1,5 @@
--- ---
- name: Restart sshd - name: Restart k3s
service: service:
name: k3s name: k3s
state: restarted state: restarted

72
roles/k3s_server/tasks/installation.yml
View File

@ -1,32 +1,38 @@
--- ---
# - name: Download K3s install script to /tmp/ - name: See if k3s file exists
# ansible.builtin.get_url: stat:
# url: https://get.k3s.io path: /usr/local/bin/k3s
# dest: /tmp/k3s_install.sh register: k3s_status
# mode: "0755"
# - name: Download K3s install script to /tmp/
# - name: Install K3s server with node taint and TLS SAN when: not k3s_status.stat.exists
# when: host.ip == k3s.server.ips[0] ansible.builtin.get_url:
# command: | url: https://get.k3s.io
# /tmp/k3s_install.sh server \ dest: /tmp/k3s_install.sh
# --node-taint CriticalAddonsOnly=true:NoExecute \ mode: "0755"
# --tls-san {{ k3s.loadbalancer.ip }}
# environment: - name: Install K3s server with node taint and TLS SAN
# K3S_DATASTORE_ENDPOINT: "{{ k3s_db_connection_string }}" when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists))
# become: true command: |
# async: 300 /tmp/k3s_install.sh server \
# poll: 0 --node-taint CriticalAddonsOnly=true:NoExecute \
# register: k3s_primary_install --tls-san {{ k3s.loadbalancer.ip }}
# environment:
# - name: Wait for K3s to be installed K3S_DATASTORE_ENDPOINT: "{{ k3s_db_connection_string }}"
# when: host.ip == k3s.server.ips[0] become: true
# async_status: async: 300
# jid: "{{ k3s_primary_install.ansible_job_id }}" poll: 0
# register: k3s_primary_install_status register: k3s_primary_install
# until: k3s_primary_install_status.finished
# retries: 60 - name: Wait for K3s to be installed
# delay: 5 when: (host.ip == k3s.server.ips[0] and (not k3s_status.stat.exists))
# become: true async_status:
jid: "{{ k3s_primary_install.ansible_job_id }}"
register: k3s_primary_install_status
until: k3s_primary_install_status.finished
retries: 60
delay: 5
become: true
- name: Get K3s token from the first server - name: Get K3s token from the first server
when: host.ip == k3s.server.ips[0] when: host.ip == k3s.server.ips[0]
@ -39,16 +45,8 @@
when: host.ip == k3s.server.ips[0] when: host.ip == k3s.server.ips[0]
set_fact: k3s_token="{{ k3s_token['content'] | b64decode | trim }}" set_fact: k3s_token="{{ k3s_token['content'] | b64decode | trim }}"
- name: showdata
when: host.ip != k3s.server.ips[0]
debug:
msg: "{{a}} {{k3s_datastore_endpoint}}"
vars:
k3s_datastore_endpoint: "{{ k3s_db_connection_string }}"
a: "{{ hostvars[(hostvars | dict2items | map(attribute='value') | map('dict2items') | map('selectattr', 'key', 'match', 'host') | map('selectattr', 'value.ip', 'match', k3s.server.ips[0] ) | select() | first | items2dict).host.hostname].k3s_token }}"
- name: Install K3s on the secondary servers - name: Install K3s on the secondary servers
when: host.ip != k3s.server.ips[0] when: (host.ip != k3s.server.ips[0] and (not k3s_status.stat.exists))
command: | command: |
/tmp/k3s_install.sh server \ /tmp/k3s_install.sh server \
--node-taint CriticalAddonsOnly=true:NoExecute \ --node-taint CriticalAddonsOnly=true:NoExecute \

4
roles/loadbalancer/templates/nginx.conf.j2
View File

@ -5,12 +5,12 @@ events {}
stream { stream {
upstream k3s_servers { upstream k3s_servers {
{% for ip in k3s_server_ips %} {% for ip in k3s_server_ips %}
server {{ ip }}:6443; server {{ ip }}:{{k3s.loadbalancer.default_port}};
{% endfor %} {% endfor %}
} }
server { server {
listen 6443; listen {{k3s.loadbalancer.default_port}};
proxy_pass k3s_servers; proxy_pass k3s_servers;
} }
} }